From owner-freebsd-current@FreeBSD.ORG Sun Jan 31 21:53:28 2010 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 40A311065670 for ; Sun, 31 Jan 2010 21:53:28 +0000 (UTC) (envelope-from bulinskp@iem.pw.edu.pl) Received: from volt.iem.pw.edu.pl (volt.iem.pw.edu.pl [194.29.146.3]) by mx1.freebsd.org (Postfix) with ESMTP id ABF6A8FC16 for ; Sun, 31 Jan 2010 21:53:27 +0000 (UTC) Received: from [192.168.150.8] (aaph86.neoplus.adsl.tpnet.pl [83.5.141.86]) (Authenticated sender: bulinskp) by volt.iem.pw.edu.pl (Postfix) with ESMTPSA id 4C457A665E3; Sun, 31 Jan 2010 22:53:25 +0100 (CET) Mime-Version: 1.0 (Apple Message framework v1077) Content-Type: multipart/signed; boundary=Apple-Mail-7-1052279468; protocol="application/pkcs7-signature"; micalg=sha1 From: =?utf-8?Q?Piotr_Buli=C5=84ski?= In-Reply-To: <20100131125805.GA44187@stack.nl> Date: Sun, 31 Jan 2010 22:53:24 +0100 Message-Id: <707EBC5E-E5C1-4A23-A829-7283495191AA@iem.pw.edu.pl> References: <4D59045B-6B03-440C-BCCC-C9C171621475@iem.pw.edu.pl> <20100131125805.GA44187@stack.nl> To: freebsd-current@freebsd.org X-Mailer: Apple Mail (2.1077) X-Virus-Scanned: clamav-milter devel-20100125-exp at volt.iem.pw.edu.pl X-Virus-Status: Clean X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Jilles Tjoelker , des@freebsd.org Subject: Re: Problem with sftp server, static linking, pam and nss_ldap. X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2010 21:53:28 -0000 --Apple-Mail-7-1052279468 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 On 2010-01-31, at 13:58, Jilles Tjoelker wrote: > On Sun, Jan 31, 2010 at 12:37:19PM +0100, Piotr Buli=C5=84ski wrote: >> As you can see, it works great with dynamic linking, but if it's = build with=20 >> static linking it can't get user information from LDAP database. >=20 > Correct, NSS only works from dynamically-linked executables. I didn't know that. >> During the upgrade to OpenSSH 5.3p1 = /head/secure/libexec/sftp-server/Makefile file changed a little bit: >>=20 >> revision 181111, Fri Aug 1 02:48:36 2008 UTC ---> revision 197679, = Thu Oct 1 17:12:52 2009 UTC >> LDADD=3D -lssh -lcrypt -lcrypto -lz ---> LDADD=3D -lcrypt = -lcrypto -lz -static -lssh >=20 >> So I've tried to build sftp-server without -static switch, but it >> result in failure like below: >=20 >> {volt}-{/usr/src/secure/libexec/sftp-server}% sudo make >> Warning: Object directory not changed from original = /usr/src/secure/libexec/sftp-server >> cc -O2 -pipe -fomit-frame-pointer -march=3Dopteron = -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include = ssh_namespace.h -std=3Dgnu99 -Wno-pointer-sign -c = /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server.c >> cc -O2 -pipe -fomit-frame-pointer -march=3Dopteron = -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include = ssh_namespace.h -std=3Dgnu99 -Wno-pointer-sign -c = /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-common.c >> cc -O2 -pipe -fomit-frame-pointer -march=3Dopteron = -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include = ssh_namespace.h -std=3Dgnu99 -Wno-pointer-sign -c = /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server-ma= in.c >> cc -O2 -pipe -fomit-frame-pointer -march=3Dopteron = -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include = ssh_namespace.h -std=3Dgnu99 -Wno-pointer-sign -o sftp-server = sftp-server.o sftp-common.o sftp-server-main.o -lssh -lcrypt -lcrypto = -lz >> /usr/lib/libssh.so: undefined reference to `ssh_add_recv_bytes' >> /usr/lib/libssh.so: undefined reference to `ssh_roaming_write' >> /usr/lib/libssh.so: undefined reference to `ssh_roaming_read' >> *** Error code 1 >=20 >> Stop in /usr/src/secure/libexec/sftp-server. >> {volt}-{/usr/src/secure/libexec/sftp-server}%=20 >=20 >> Do you have any idea how to make it works? >=20 > Apparently something broke so that sftp-server cannot link to libssh > dynamically, even though scp and ssh can still use it. > By changing the line in secure/libexec/sftp-server/Makefile to >=20 > LDADD=3D -lcrypt -lcrypto -lz -Wl,-static -lssh -Wl,-call_shared >=20 > it links only libssh and its dependencies statically, which may be > enough to fix your problem. This still links quite a lot more than > libssh statically, I am not happy with it at all. Thanks a lot! This solved my problem for now. I'll be testing it this week. Will you put this "patch" to the source tree of CURRENT (or maybe it's good only as a temporary solution)? Thanks again! Regards --=20 Piotr Buli=C5=84ski Informatyka na Wydziale Elektrycznym Politechnika Warszawska --Apple-Mail-7-1052279468--